CVE-2024-27370

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos 980 Samsung Mobile Processor Exynos 850 Samsung Mobile Processor Exynos 1280 Samsung Mobile Processor Exynos 1380 Samsung Mobile Processor Exynos 1330

Description An issue was discovered in the function slsi nan config get nl params(), where there is no input validation check on hal req->num config discovery attr coming from userspace, which can lead to a heap overwrite.

Recommendations For Samsung Mobile Processor Exynos 980, update to a version that includes input validation for hal req->num config discovery attr. For Samsung Mobile Processor Exynos 850, update to a version that includes input validation for hal req->num config discovery attr. For Samsung Mobile Processor Exynos 1280, update to a version that includes input validation for hal req->num config discovery attr. For Samsung Mobile Processor Exynos 1380, update to a version that includes input validation for hal req->num config discovery attr. For Samsung Mobile Processor Exynos 1330, update to a version that includes input validation for hal req->num config discovery attr. As a temporary workaround, consider disabling the slsi nan config get nl params() function until a patch is available.